Question 34
Domain 5: Data Protection
An organization needs to protect data as it travels between two networks over an untrusted connection. Which technology is primarily designed to provide confidentiality and integrity for that traffic in transit?
Correct answer: B
Explanation
A VPN is used to protect data in transit across untrusted networks, and IPsec is a VPN technology specifically used to provide confidentiality and integrity for network traffic. — AWS-Certified-Security-Specialty_Exam-Guide.txt
Why each option is right or wrong
A. DNS resolution to translate hostnames into IP addresses
DNS translates names to addresses; it does not provide confidentiality or integrity for traffic in transit.
B. IPsec within a VPN to secure traffic between networks
The source material identifies VPN concepts, including IPsec, under controls that provide confidentiality and integrity for data in transit. In this scenario, traffic is moving between networks over an untrusted connection, so IPsec within a VPN is the technology that fits that purpose.
C. Network address translation to hide internal private addresses
NAT changes address presentation; it does not ensure confidentiality or integrity of transmitted data.
D. Routing updates to choose the best path across the network
Routing determines packet paths; it does not secure payloads for confidentiality or integrity.